Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
backbone-server
Advanced tools
Creates a Backbone.Server object which interfaces between Backbone, Socket.IO and Express.
Backbone-Server creates a Server module which pulls together Backbone and Express to bring greater structure to your NodeJS applications.
Backbone.Server can be accessed just like any other Backbone module:
var Backbone = require('backbone-server'); // Note: Backbone-Server relies on the backbone npm package and is not required.
// Current defaults for Backbone.Server
var server = new Backbone.Server({
'port' : 8000,
'public' : 'public', // The Public Director
'views' : 'views', // The Views Director
'view-engine' : 'jade', // Desired Templating Engine
'routes' : {}, // Any initial routes you may have (or create them all at once)
'socketio' : false // If set to true, Backbone.Server will enable socket.io functionality
});
And of course, you can always extend it in traditional Backbone form:
var Blog = Backbone.Server.extend({
// Custom features can go here
});
Once you have added a Server, add routes just as you would with Express:
server.get('/post/:id', function(req, res) {
var id = req.params.id,
article = articles.get(id);
res.render('single', article);
});
server.post('/post', function(req, res) {
articles.add(req.params);
});
server.put('/post/:id', function(req, res) {
var article = article.get(req.params.id);
article.set(req.params);
});
server.delete('/post/:id', function(req, res) {
articles.remove(params.req.id);
});
To enable socket.io functionality, set the socketio
attribute to true
upon creation of your new Backbone.Server object:
var server = new Backbone.Server(
'socketio' : true // If set to true, Backbone.Server will enable socket.io functionality
});
This will create an instance of socket.io at the io
attribute of your new server object (server.io
). You can now add standard socket.io events using the send
and receive
methods, like so:
// Socket.IO Functions
server.receive('connection', function() {
console.log("connected");
//... enter your server side code to create your models
server.send('models', [a, b, c, d]);
});
In your clientside application, you can receive commands from the server like so (note that backbone-server automatically provides a route to load Underscore and Backbone):
<script src="/backbone-server/backbone.js" type="text/javascript"></script>
<script src="/socket.io/socket.io.js" type="text/javascript"></script>
<script>
var socket = io.connect('http://localhost');
var Article = Backbone.Model.extend();
var Articles = Backbone.Collection.extend({
model: Article,
initialize: function() {
// Bind an event to notify when an article has been added to the server
this.bind('add', function(article) {
console.log("Article added!");
});
}
});
var articles = new Articles();
socket.on('models', function(data) {
_.each(data, function(d) {
articles.add(d); // queues the collection event ('articles added!');
});
});
</script>
To summarize, in the example above, we've created a Backbone.Server
which will push down server side models upon connection, and add them
to the client scripts Articles
collection.
Once you have created a server starting it is easy:
server.start();
###Target Express directly:
// server.express == Express
server.express
###Target Socket.io directly:
// server.io == socket.io
server.io
FAQs
Creates a Backbone.Server object which interfaces between Backbone, Socket.IO and Express.
The npm package backbone-server receives a total of 0 weekly downloads. As such, backbone-server popularity was classified as not popular.
We found that backbone-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.